Computer users today often use multiple portable and desktop computing devices. For example, take a typical case of a person who uses a desktop computer, a laptop computer, a smartphone, and a tablet computing device. At any particular time, the user may have one or more of these devices in close physical proximity, while the others, which are not currently needed, are located elsewhere. The collection of devices in one's direct physical control varies over time depending upon the task at hand. For example, if the user is at work, he might be operating a desktop computer and have a smartphone in his pocket. On a business trip, the user might bring a laptop computer, a smartphone and a tablet computing device.
It is not uncommon today for users to have multiple mobile computing devices, which can be carried in different combinations under different circumstances. For example, the user may choose from a variety of laptop computers and tablet computing devices, depending on the nature of a business or personal trip. For a short trip, the user may bring an ultra-light class computing device, a mobile phone, and a smaller 7″ tablet. For a longer trip, the same user might bring a workstation class laptop, a mobile phone, and a larger 10″ tablet. In these scenarios, there would be a set of active computing devices in close physical proximity to the user, and another set of computing devices, not in close proximity, that are not currently being used. While the devices in the active set are with the user, the non-active devices could be located back at the user's office or home. Going forward, the number of computing devices in use by individuals will continue to proliferate, as will the form factors in which such devices are available. For example, user accessible computers in automobiles that give immediate access to, e.g., email (often using voice for control) are already available, and will become more common with time.
Enterprise level gateway filters typically control mobile device access to an organization's computing resources, such as internal web sites and mail services. Such gateway functionality is often provided by Microsoft's Exchange ActiveSync, or a similar product. Exchange ActiveSync is an Extensible Markup Language (“XML”) based synchronization protocol that communicates over Hypertext Transfer Protocol (“HTTP”) or Hypertext Transfer Protocol Secure (“HTTPS”). Exchange ActiveSync enables the synchronization of email, contacts, calendars, tasks and notes from a server running Microsoft Exchange to a mobile computing device, such as a smartphone, and also provides mobile device management and policy controls.
A user can be expected to operate the computing devices under his direct control, and these computers should be able to connect to remote systems to which the user has access. For example, the user has a legitimate need to use the devices on his person to connect to computer networks maintained by his employer or academic institution, e.g., via a gateway filter, in order to access his email and work related documents, run enterprise level software, etc. However, there is no legitimate reason for the computers that are not currently with the user to be operated, or for these computers to access remote systems to which the user has access. While these devices typically have their own local access controls (e.g., passwords, PINs, etc.), such security measures are not always uniformly enforced, and sometimes have bypass vulnerabilities.
It would be desirable to address these issues.